Enterprises inundated with security alerts: FireEye

A study by IDC, commissioned by FireEye, has shown that organisations continue to be overwhelmed by security alerts, especially redundant ones, but they are turning to third-party IT security management to reduce the risk of missing critical alerts.

Research from FireEye has highlighted that organisations are struggling to efficiently act on security notifications due to the overwhelming number of redundant alerts.

The report, The Numbers Game: How many alerts is too many to handle, conducted by IDC, found that 37 percent of respondents receive more than 10,000 security alerts per month, an average of at least 300 per day. In Australia, 23.6 percent of organisations reported the same volume.

Additionally, 58.8 percent of Australian organisations said they were responding to redundant security alerts at least 25 percent of the time. Of these, 19.9 percent said at least half of the alerts they received were redundant.

A further 15 percent of Australian organisations said that between 50 percent and 74 percent of alerts were duplicates.

Meanwhile, 70 percent of Australian respondents said the number of alerts received over the past 24 months had either increased or stayed the same. More than a quarter said they had witnessed a decrease over the same period.

Rich Costanzo, FireEye Australia and New Zealand systems engineering lead, said the findings underscored that organisations are being inundated with redundant alerts, which increases the risk of critical alerts being missed.

"In some cases, Australian businesses are experiencing tens of thousands of security alerts every month, and IT teams that are already stretched need to review every single one of these," he said.

"Not only could this flood of notifications lead to severe business consequences if malicious alerts slip through the cracks, but with many IT teams struggling to keep their heads above water, these alerts could go unchecked for days and increase the risk to the business."

Despite the volume of alerts, the report showed that organisations have a good handle on initial response time, with 75 percent taking less than five hours to review critical alerts.

The survey also found that Australian businesses are turning to third parties for improved security options. While only 38 percent of Australian respondents outsourced their IT security management, 92 percent of these said that they did so in order to improve security rather than save money.

When asked how many hours are spent responding to notifications, 35.2 percent of the Australian enterprises surveyed said that at least 200 hours were spent reviewing security alerts each month.

"The importance of accurate technology can't be overlooked. Organisations need platforms capable of reviewing and alerting across multiple consoles to identify and mitigate threats, and that provide efficient workflows to streamline the analysis process when time is critical," the report concluded.

"Alert monitoring accounts for roughly half of most companies' IT security budgets. This survey demonstrates the overwhelming need for organizations to review their alert management process to better respond to alerts before they become full-fledged attacks."